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CLAIMS 

What is claimed is: 



1 1 . A method comprising: 

2 analyzing database access statements issued for an application in use; 

3 determining accessed items and types of access for the application based on the 

4 issued database access statements for the application; and 

5 developing a role associated with the application based on the determined accessed 

6 items and types of access, wherein the role may be used to allow a user database access when 

7 associated with the application. 

1 2. The method of claim 1 wherein analyzing the issued database access 

2 statements comprises: 

3 capturing the database access statements; 

4 normalizing the database access statements; and 

5 eliminating redundancies in the database access statements. 

1 3. The method of claim 2 wherein the database access statements comprise 

2 Structured Query Language (SQL) queries. 

1 4. The method of claim 1 wherein the determined accessed items and types of 

2 access include objects accessed and operations performed on the objects. 

1 5. The method of claim 1 wherein developing a role comprises determining 

2 permissions for the application based on the determined accessed items and types of access. 

1 6. The method of claim 1 further comprising determining which of a set of users 

2 are authorized to use the application. 

1 7. The method of claim 1 further comprising: 

2 detecting a user request to establish an application session; 

3 finding the role associated with the application; and 
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4 assigning the role to a user. 

1 8. The method of claim 7 wherein detecting a user request to establish an 

2 application session comprises determining if a user is authorized to use the application. 

1 9. The method of claim 7 further comprising: 

2 detecting an end of the application session; and 

3 if an end of the application session is detected, disabling the assigned role for the 

4 user. 
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1 10. An article comprising a machine-readable medium storing instructions 

2 operable to cause one or more machines to perform operations comprising: 

3 analyzing database access statements issued for an application in use; 

4 determining accessed items and types of access for the application based on the 

5 issued database access statements for the application; and 

6 developing a role associated with the application based on the determined accessed 

7 items and types of access, wherein the role may be used to allow a user database access when 

8 associated the application. 

1 11. The article of claim 1 0, wherein analyzing the issued database access 

2 statements comprises: 

3 determining whether the database access statements have been captured; 

4 normalizing the database access statements; and 

5 eliminating redundancies in the database access statements. 

1 12. The article of claim 10 wherein the determined accessed items and types of 

2 access include objects accessed and operations performed on the objects. 

1 13. The article of claim 10 wherein developing a role comprises determining 

2 permissions for the application based on the determined accessed items and types of access. 

1 14. The article of claim 10 wherein the instructions are further operable to cause 

2 one or more machines to perform operations comprising determining which of a set of users 

3 are authorized to use the application. 

1 15. The article of claim 10 wherein the instructions are further operable to cause 

2 one or more machines to perform operations comprising: 

3 determining whether a user request to establish an application session has been 

4 detected; 

5 finding the role associated with the application; and 

6 assigning the role to a user. 
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1 16. The article of claim 15 wherein detecting a user request to establish an 

2 application session comprises determining if a user is authorized to use the application. 

1 17. The article of claim 15 wherein the instructions are further operable to cause 

2 one or more machines to perform operations comprising: 

3 detecting an end of the application session; and 

4 if an end of the application session is detected, disabling the assigned role for the 

5 user. 
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1 1 8. A database security analyzer comprising: 

2 a communication interface operable to receive database access statements issued for 

3 an application in use; 

4 a memory operable to store the issued database access statements; and 

5 a processor operable to develop a role associated with the application based on the 

6 issued database access statements for the application, wherein the role may be used to allow a 

7 user database access when using the application. 

1 19. The analyzer of claim 1 8 wherein developing a role comprises: 

2 determining accessed items and types of access for an application based on the issued 

3 database access statements for the application; 

4 determining permissions for the application based on the determined accessed items 

5 and types of access; and 

6 developing a role associated with the application based on the determined 

7 permissions. 

1 20. The analyzer of claim 19 wherein the determined accessed items and types of 

2 access include objects accessed and operations performed on the objects. 

1 21. The analyzer of claim 1 8 wherein developing a role comprises: 

2 determining whether issued database access statements have been captured; 

3 normalizing the database access statements; and 

4 eliminating redundancies in the database access statements. 

1 22. The analyzer of claim 18 wherein the memory comprises instructions, and the 

2 processor operates according to the instructions. 
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1 23 . A method comprising: 

2 capturing the database access statements issued for one or more applications in use, 

3 wherein the database access statements comprise Structured Query Language (SQL) queries; 

4 normalizing the issued database access statements; 

5 eliminating redundancies in the normalized database access statements; 

6 determining accessed items and types of access for an application based on the issued 

7 database access statements for the application, wherein the determined accessed items and 

8 types of access include objects accessed and operations performed on the objects; 

9 determining permissions for the application based on the accessed items and types of 

10 access; 

1 1 developing a role associated with the application based on the developed permissions; 

12 determining which of a set of users are authorized to use the application; 

13 detecting a user request to establish a session of the application; 

14 determining if the user is authorized to use the application; 

15 if the user is authorized to use the application, finding the role associated with the 

16 application; 

17 assigning the role to the user; 

18 detecting an end of the application session; and 

19 if an end of the application session is detected, disabling the assigned role for the 

20 user. 
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